Para 3.22.31 — MSO (Audit)
Original Rule Text
3.22.31 While the auditor should be cautious enough not to be drawn into unproductive involvement in systems development, he should nevertheless examine whether:
(i) a published standard methodology is being used for designing and developing systems;
(ii) there is a common understanding by all parties - users, systems analysts, management and auditors - of the basic structure of both manual and computer processing activities, as well as of the concepts and needs for control and of the applicable control techniques;
(iii) the IT applications development is authorised by the user, the steering committee or the management;
(iv) the systems development work was preceded by a feasibility study to determine the most appropriate solutions to standard problems;
(v) there is adequate cross referencing between
(a) content and format of preliminary studies;
What This Means
While avoiding unproductive involvement in systems development, auditors should verify that a standard methodology is used for system design, all parties (users, analysts, management, auditors) share a common understanding, IT development is properly authorised, feasibility studies precede development, cross-referencing exists between study documents and code, project management techniques are applied, programming follows modular standards, and existing packages are considered before building new ones.
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Key Points
1. Published standard methodology should be used for system design and development
2. Common understanding needed among users, analysts, management, and auditors
3. IT application development must be authorised by user, steering committee, or management
4. Feasibility study should precede systems development work
5. Cross-referencing should exist between studies, specifications, and programme code
6. Project management techniques (milestones, time/cost estimates) must be applied
7. Modular structured programming standards should be followed
8. Existing packages should be evaluated before building new custom applications
Practical Example
Auditing a department's custom-built file tracking system, the auditor discovers that no feasibility study was conducted, the system was developed by one programmer without any standard methodology, there is no cross-reference between user requirements and the code, and no one checked whether an existing government file tracking application could have been adopted. The project ran 8 months over schedule because no milestones were set. The audit recommends that future development follow SDLC methodology with proper authorisation and documentation.
Frequently Asked Questions
Why should existing packages be considered before custom development?
What is modular structured programming?
What does 'unproductive involvement' mean in this context?